SEC-2888: Polish

web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java

@@ -103,7 +103,6 @@ public final class AntPathRequestMatcher implements RequestMatcher {
             }
 
             // If the pattern ends with {@code /**} and has no other wildcards or path variables, then optimize to a sub-path match
-            // TODO: use spring-framework  AntPathMatcher.VARIABLE_PATTERN instead.           
             if (pattern.endsWith(MATCH_ALL) && (pattern.indexOf('?') == -1 && pattern.indexOf('{') == -1 && pattern.indexOf('}') == -1) &&
                     pattern.indexOf("*") == pattern.length() - 2) {
                 matcher = new SubpathMatcher(pattern.substring(0, pattern.length() - 3));

web/src/test/java/org/springframework/security/web/util/matcher/AntPathRequestMatcherTests.java

@@ -93,6 +93,17 @@ public class AntPathRequestMatcherTests {
         assertFalse(matcher.matches(createRequest("/paskos/bleh/")));
     }
 
+    @Test
+    public void nontrailingWildcardWithVariableMatchesCorrectly() {
+        AntPathRequestMatcher matcher = new AntPathRequestMatcher("/**/{id}");
+        assertTrue(matcher.matches(createRequest("/blah/1234")));
+        assertTrue(matcher.matches(createRequest("/bleh/4567")));
+        assertTrue(matcher.matches(createRequest("/paskos/blah/")));
+        assertTrue(matcher.matches(createRequest("/12345/blah/xxx")));
+        assertTrue(matcher.matches(createRequest("/12345/blaha")));
+        assertTrue(matcher.matches(createRequest("/paskos/bleh/")));
+    }
+
     @Test
     public void requestHasNullMethodMatches() {
         AntPathRequestMatcher matcher = new AntPathRequestMatcher("/something/*", "GET");